IT Examiner School

Control Implementation: A Multi-Tiered Approach

Key Card Entry, ID Badges, Mantraps Vulnerability Scanning Virtual private network (VPN) Next Gen Firewalls Disk Encryption Access Control Policy Data Replication Intrusion detection system (IDS) Intrusion prevention system (IPS) EDR/Anti ‐ malware protection software

Cybersecurity Preparedness Challenges • How does the board know that the organization is prepared?

• How can the institution measure key risk through an iterative process to examiners & board?

• How can the institution measure their inherent risk and controls to determine the maturity of their cybersecurity posture?

• FFIEC CAT Tool is on process to identify inherent risks and determine level of maturity of an institution's cyber preparedness.

10